cannot find UID/GID for user *: open /etc/subuid: no such file or directory

[ghost]

On Arch Linux:

$ uname -a
Linux computer 5.19.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 29 Aug 2022 15:51:05 +0000 x86_64 GNU/Linux
$ yes | sudo pacman -Syu podman
$ podman images
ERRO[0000] cannot find UID/GID for user username: open /etc/subuid: no such file or directory - check rootless mode in man pages. 
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user 
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/home/username/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver
$ podman search httpd
ERRO[0000] cannot find UID/GID for user username: open /etc/subuid: no such file or directory - check rootless mode in man pages. 
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user 
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/home/username/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver

Perhaps add an entry to the troubleshooting guide? Also, consider updating the message to point to the troubleshooting guide:

https://github.com/containers/podman/blob/main/troubleshooting.md

Consider:

$ podman images
ERRO[0000] See https://github.com/containers/podman/blob/main/troubleshooting.md#err-0000
WARN[0000] See https://github.com/containers/podman/blob/main/troubleshooting.md#warn-0000
ERRO[0001] See https://github.com/containers/podman/blob/main/troubleshooting.md#warn-0001

Even better, of course, would be:

$ podman images
Error: Cannot find UID/GID for username.
Apply fix [y/N]? yes
Warning: Using rootless single mapping into the namespace.
Apply fix [y/N]? yes
Error: Kernel does not support overlay.
Apply fix [y/N]? yes

Or even something like:

$ podman images
ERRO[0055] No images found.

See: https://github.com/containers/podman/blob/main/troubleshooting.md#err-0055

Something feels off here. When I run docker, it attempts to run without any error messages upon first install. Consider:

$ yes | sudo pacman -Syu docker
$ docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
$ docker run
"docker run" requires at least 1 argument.
See 'docker run --help'.

Usage:  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Run a command in a new container
$ docker start
"docker start" requires at least 1 argument.
See 'docker start --help'.

Usage:  docker start [OPTIONS] CONTAINER [CONTAINER...]

Start one or more stopped containers

The help is clear on where to go to next. In contrast, podman states:

If you have a recent version of usermod, you can execute the following commands to add the ranges to the files

$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME

That's not helpful. What username? Why 10000? Why 75535? Those seems like arbitrary IDs. Again, something feels off here. Why do I have to set the uid/gid values in a file located in /etc just to list images and search for an HTTP server?

[giuseppe]

to use images with multiple IDs, rootless podman needs to create a user namespace where multiple IDs are mapped.

Allocating additional IDs to a user is a privileged operation that can be performed only by root.

Most recent distros do this automatically for each user created on a system, and no manual intervention is required, but if this is not done, then you need to run usermod and make sure the unprivileged user can access more IDs.

If that is not possible, then you are forced to run with a single mapping, setting explicitly the setting in the storage.conf file. It is not done automatically, and we expect the user to set it. The environment created is different than when you have multiple IDs available, since the same same user will own every file in the image/container.

[ghost]

Allocating additional IDs to a user is a privileged operation that can be performed only by root.

Is prompting the user for permission to escalate not feasible?

to use images with multiple IDs, rootless podman needs to create a user namespace where multiple IDs are mapped.
...
then you need to run usermod and make sure the unprivileged user can access more IDs.

I've never used podman before. I have no idea whether I want rootless or not. Mostly, I was just trying to run it to see if I could create a minimal container. I spent about 30 minutes trying to figure it out, then gave up. The error messages didn't help. While I appreciate the suggestion to "run usermod", the man pages also suggest the same thing, but could use some clarification.

Possibly:

sudo usermod --add-subuids 10000-75535 $LOGNAME

$LOGNAME is POSIX.1-2017, but there may be other equally valid ways to instruct the user as to what username to use, rather than USERNAME. If we run the literal command as recommended in the man pages, we get:

$ sudo usermod --add-subuids 10000-75535 USERNAME
usermod: user 'USERNAME' does not exist

After another search, it looks like DocumentFoundation has documented a similar approach, but uses $(whoami) instead of $LOGNAME. Moreover, they also suggest running the following commands, which may also be helpful to include in podman's documentation:

sudo touch /etc/sub{u,g}id
mkdir ~/.config/containers && echo 'runtime = "crun"' >> ~/.config/containers/containers.conf

If a page like the DocumentFoundation's existed as a quick start guide for podman, I'd have been up and running in a few minutes.

It'd still be nice to know what the range of 10000-75535 means and why those particular values were selected.

[ghost]

Issue #6572 is related, where @rhatdan writes:

$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME

Note that those lines produce the following error message, username notwithstanding:

usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
usermod: /etc/subgid does not exist, you cannot use the flags -w or -W

Adding the following line to the documentation won't hurt:

sudo touch /etc/sub{u,g}id

[ghost]

More issues:

$ podman info 
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/home/username/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver

This is looks like the same issue as #8705. The fix is to create ~/.config/containers/storage.conf with:

[storage]
driver = "overlay"
[storage.options]
mount_program = "/usr/bin/fuse-overlayfs"

That leads to another issue in that podman is missing a dependency on fuse-overlayfs, resulting in:

$ podman version
Error: overlay: can't stat program "/usr/bin/fuse-overlayfs": stat /usr/bin/fuse-overlayfs: no such file or directory

The fix is to install fuse-overlayfs, such as:

$ pacman -Syu fuse-overlayfs

Looks like podman is running now.

Please consider updating the man pages or adding these notes to the troubleshooting section.

[giuseppe]

AFAIK, nobody in the development team is using Arch Linux, so we are not familiar with that environment and what differences there are with other distros.

If you already have the solution to these problems, would you mind opening a PR to improve the documentation for Arch Linux?

[Luap99]

Looks like this is already documented in the Arch Wiki: https://wiki.archlinux.org/title/Podman

Linking to urls for help seems unmaintainable to me.

[rhatdan]

This seems to be specific to Archlinux and should be added under the installing part. I don't think we need to dirty up the man pages with each distros kernel decisions.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@DaveJarvis are you interested in opening a PR to fix this?

[ghost]

Sorry, I have many other fish being fried.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[v3ss0n]

archlinux , wont' work even after usermod

cat /etc/sub{u,g}id
root:1000000:1000000000
mainuser:100000:65536
user2:10000:65536
root:1000000:1000000000
user2:100000:65536

[rhatdan]

Did you do a
$ podman system migrate

[v3ss0n]

i did , i have to manually add mainuser:100000:65536 to subgid

[rhatdan]

And now it works?

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

Since I never heard back, I am assuming this issue has been resolved, closing. Reopen if I am mistaken.

[v3ss0n]

It is not sovled , i just stopped trying podman for my usecase and i went back to docker.
But i think i rememerd adding manually worked , i will check again and let you know.